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DETAILED ACTION 

Response to Amendment 
Applicant's arguments/ amendments with respect to amended claims 8-13 filed April 18, 
2005 have been fully considered (See 37 CFR 1.111; MPEP 714.04) but they are not persuasive. 
The Examiner would like to point out that this action is made final (See MPEP 706.07a). 

Drawings 

The amendments made to the figures, as filed on April 18, 2005 are accepted. Therefore, 
the previous objections to the figures are withdrawn. 

Specification 

The amendments made to the abstract, as filed on April 18, 2005 are accepted. 
Therefore, the previous objection to the specification is withdrawn. 

Claim Objections 

The amendments made to the claims overcome the previous claim objections. Therefore, 
the previous objections of claims 8-12 are withdrawn. 

Claim Rejections - 35 USC §112 
The amendments made to the claims overcome the previous 35 USC 1 12, second 
paragraph rejections. Therefore, the previous 35 USC 1 12, second paragraph rejections of 
claims 8-13 are withdrawn. 



\ 
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Response to Arguments 
Applicant's arguments fail to comply with 37 CFR 1 . 1 1 1(b) because they amount to a 
general allegation that the claims define a patentable invention without specifically pointing out 
how the language of each of the limitations of the claims patentably distinguishes them from the 
references. 

Applicant contends that Wiegel fails to teach or suggest "a security hatching step of 
executing an information security policy which corresponds to each managed system constituting 
an information system designated by a user from a database describing a correspondence 
between information security policies representing policies of security measures with at least one 
managed system and the managed systems, to hatch security specification to be applied to the 
information system" as recited in the claims. Examiner respectfully disagrees. 

Wiegel substantially teaches the claimed security management method for supporting a 
security management of each of a plurality of managed systems constituting an information 
system with an electronic computer, comprising a security specification hatching step of 
extracting an information security policy made to correspond to each managed system 
constituting an information system (col 13, lines 29-37 and fig. 7B, elements 726, 728, and 730) 
designated by a user (col. 13, lines 38-49) from a database (col. 1 1, lines 43-47 and col. 14, lines 
20-35) describing a correspondence of the information security policy (col. 13, lines 38-49) 
representing policies of a security measure with at least one managed system (col. 13, lines 1-9 
and 49-56), to hatch security specifications (col. 13, lines 14-20) to be applied to the information 
system (col. 13, lines 20-22). 
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Applicant also contends that Wiegel also fails to teach or suggest "a security diagnosis 
step of executing a plurality of audit programs describing a processing for auditing various 
information including a type of the managed and a software version, which are stored so as to 
correspond to each set of the information security policy and the managed system which are 
specified by the hatched security specifications as well as by a security status to audit the various 
information including the type of the software version of the managed system constituting the 
information system designated by the user and diagnose a security of the information system" as 
recited in the claims. Examiner agrees that Wiegel does not explicitly disclosed these claimed 
features, however, Examiner respectfully disagrees with the statement that Grim et al. fail to 
teach or suggest these features of the present invention. Grimm et al. teach a security diagnosis 
step of executing a plurality of audit programs (fig. 1, elements 1 1 and 21) describing a process 
for auditing various information (col. 7, lines 27-34), including a type of the managed system 
(col. 4, lines 9-34) and a software version (col. 5, lines 16-27), stored so as to correspond to each 
set of the information security policy and the managed system (col. 5, lines 39-59) which are 
specified by security specifications hatched in said security specification hatching step (as 
applied with Wiegel above), as well as by a security status to audit the various information 
including the type and the software version of the managed system (col. 7, lines 27-34) 
constituting the information system designated by the user (fig. 2, element 10), and to diagnose a 
security of said information system (fig. 2, element 14 and col. 5, lines 13-39). 

Furthermore, Applicant also contends that Wiegel fails to teach or suggest "a security 
handling and management step of executing a management program designated by the user from 
a plurality of management programs describing a process for controlling the security status 
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concerning the security policy of the managed system stored so as to correspond to each set of 
the information security policy and the managed system which are specified by the hatched 
security specifications to allow the electronic computer to change the security status of the 
managed system corresponding to the management program so as to adjust the security status to 
the information security policy corresponding to the management program" as recited in the 
claims. Examiner agrees that Wiegel does not explicitly disclosed these claimed features, 
however, Examiner respectfully disagrees with the statement that Grim et al. fail to teach or 
suggest these features of the present invention. Grimm et al. teach a security handling and 
management step of executing a management program designated by the user, from a plurality of 
management programs (col. 4, lines 24-34 and fig. 1, element 17) describing a process for 
controlling the security status concerning the information security policy of the managed system, 
stored so as to correspond to each set of the information security policy and the managed system 
(col. 5, lines 39-59) which are specified by the security specifications hatched in said security 
specification hatching step (as applied with Wiegel above), to allow said electronic computer to 
change the security status of the managed system (col. 4, lines 35-61) corresponding to the 
management program so as to adjust the security status to the information security policy that 
corresponds to the management program (col. 5, lines 52-63). 

Finally, Applicant contends that Grimm et al. fails to teach or suggest the above 
described features of the present invention regarding the providing of "security control means 
and means for obtaining the status and changing the configuration of the security control means 
in the appropriate manner relative to security specifications." Examiner respectfully disagrees. 
Grim et al. teach a security policy service that includes various security controls which allow one 
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to obtain the status, as well as to change the configuration of the security control means (col 5, 
lines 13-5 1). Therefore, Grim et al. do teach the described features of the present invention 
regarding the providing of security control means and means for obtaining the status and 
changing the configuration of the security control means in the appropriate manner relative to 
security specifications. 

Due to the reasons stated above, the Examiner maintains rejections with respect to 
amended claims 8-13. Grim et al. in combination with Wiegel teach the limitations not explicitly 
disclosed by Wiegel. Therefore, it is the Examiner's conclusion that amended claims 8-13 are 
not patentably distinct or non-obvious over the prior art of record as presented. 

Claim Rejections - 35 USC § 103 

I. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. ' 

II. Claims 8-1 1 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Wiegel United States Patent No. 6,484,261 and further in view of Grimm et al. United States 
Patent No. 6,317,868. 

As per claim 8: 

Wiegel substantially teaches the claimed security management method for supporting a 
security management of each of a plurality of managed systems constituting an information 
system with an electronic computer, comprising a security specification hatching step of 
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extracting an information security policy made to correspond to each managed system 
constituting an information system (col. 13, lines 29-37 and fig. 7B, elements 726, 728, and 730) 
designated by a user (col. 13, lines 38-49) from a database (col. 11, lines 43-47 and col. 14, lines 
20-35) describing a correspondence of the information security policy (col. 13, lines 38-49) 
representing a policy of a security measure with at least one managed system (col. 13, lines 1-9 
and 49-56), to hatch security specifications (col. 13, lines 14-20) to be applied to the information 
system (col. 13, lines 20-22). 

Not explicitly disclosed by Wiegel is a security diagnosis step of executing a plurality of 
audit programs describing a process for auditing various information, including a type of the 
managed system and a software version, stored so as to correspond to each set of the information 
security policy and the managed system which are specified by security specifications hatched in 
said security specification hatching step, as well as by a security status to audit the various 
information including the type and the software version of the managed system constituting the 
information system designated by the user, and to diagnose a security of said information 
system; and a security handling and management step of executing a management program 
designated by the user, from a plurality of management programs describing a process for 
controlling the security status concerning the information security policy of the managed system, 
stored so as to correspond to each set of the information security policy and the managed system 
which are specified by the security specifications hatched in said security specification hatching 
step, to allow said electronic computer to change the security status of the managed system 
corresponding to the management program so as to adjust the security status to the information 
security policy that corresponds to the management program. 
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However, Grimm et al. teach a security diagnosis step of executing a plurality of audit 
programs (fig, 1, elements 1 1 and 21) describing a process for auditing various information (col. 
7, lines 27-34), including a type of the managed system (col. 4, lines 9-34) and a software 
version (col. 5, lines 16-27), stored so as to correspond to each set of the information security 
policy and the managed system (col. 5, lines 39-59) which are specified by security 
specifications hatched in said security specification hatching step (as applied with Wiegel 
above), as well as by a security status to audit the various information including the type and the 
software version of the managed system (col. 7, lines 27-34) constituting the information system 
designated by the user (fig. 2, element 10), and to diagnose a security of said information system 
(fig. 2, element 14 and col. 5, lines 13-39). 

Also disclosed by Grimm et al. is a security handling and management step of executing 
a management program designated by the user, from a plurality of management programs (col. 4, 
lines 24-34 and fig. 1, element 17) describing a process for controlling the security status 
concerning the information security policy of the managed system, stored so as to correspond to 
each set of the information security policy and the managed system (col. 5, lines 39-59) which 
are specified by the security specifications hatched in said security specification hatching step (as 
applied with Wiegel above), to allow said electronic computer to change the security status of the 
managed system (col. 4, lines 35-61) corresponding to the management program so as to adjust 
the security status to the information security policy that corresponds to the management 
program (col. 5, lines 52-63). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the method disclosed in Wiegel to add a security 
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diagnosis step and a security handling/management step as disclosed by Grimm et al. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
time the invention was made, would have been motivated to do so as suggested by Grimm et al. 
in "enforcing and auditing site-specific security provisions" (col. 1, lines 15-18 and col. 1, line 
58 - col 2, line 29). 
As per claim 9: 

Wiegel and Grimm et al. substantially teach the security management method as applied 
to claim 8 above. Furthermore, Grimm et al. substantially teach the method wherein in said 
security diagnosis step, the audit program made to correspond to each set of the information 
security policy and the managed system, which are specified by the security specifications 
hatched in said security specification hatching step, is extracted (col. 5, lines 13-51) describing a 
correspondence of the information security policy, the managed system and the audit program 
describing a processing for auditing various information such as a type and a software version of 
said managed system as well as the security status concerning said information security policy of 
said managed system, and executed, to diagnose the security of the information system 
designated by said user. 

Also, Grimm et al. substantially teach in said security handling and management step, the 
management programs made to correspond to each set of the information security policy and the 
managed system, which are specified by the security specifications hatched in said security 
specification hatching step, are extracted (col. 4, lines 24-34) describing a correspondence of the 
information security policy, the managed system and the management program describing a 
processing for controlling the security status concerning the security policy, the managed system 
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and said information security policy of a security of said managed system, and the management 
program designated by the user is extracted among the extracted programs to be executed (col. 4, 
lines 24-44), to allow the security status of the managed system corresponding to the extracted 
management program to adjust to the information security policy corresponding to the 
management program. 

Not explicitly disclosed by Wiegel or Grimm et al. are the audit program and the 
management programs being extracted from a database. However, Wiegel teaches the method 
wherein the audit program and the management programs, which are used for configuring and 
maintaining the system, are extracted from a database. Therefore, it would have been obvious to 
a person of ordinary skill in the art at the time the invention was made to modify the method 
disclosed in Wiegel and Grimm et al. to allow for the audit program and management programs 
to be extracted from the database: This modification would have been obvious because a person 
having ordinary skill in the art, at the time the invention was made, would have been motivated 
to do so since it is suggested by Wiegel in col. 1 1, lines 43-5 1 . 
As per claim 10: 

Wiegel and Grimm et al. substantially teach the security management method as applied 
in claim 8 above. Not explicitly disclosed by Wiegel or Grimm et al. is the method wherein said 
security diagnose step is executed periodically. However, Grimm et al. teaches the method 
wherein said security diagnose step is executed periodically as defined by the user. Therefore, it 
would have been obvious to a person in the art at the time the invention was made to modify the 
method disclosed in Grimm et al to allow for the security diagnose step to be executed 
periodically. This modification would have been obvious because a person having ordinary skill 
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in the art, at the time the invention was made, would have been motivated to do so since it is 
suggested by Grimm et al. in col. 5, lines 42-51. 
As per claim 1 1 : 

Wiegel and Grimm et al. substantially teach the security management method as applied 
to claim 8. Not explicitly disclosed by Wiegel or Grimm et al. is that method wherein, in 
accordance with setting a content received from the user, said management program changes the 
security status of the managed system corresponding to the management program so as to adjust 
the security status to the information security policy corresponding to the management program. 
However, Wiegel teaches a security setting content received from the user. Therefore, it would 
have been obvious to a person in the art at the time the invention was made to modify the method 
disclosed in Wiegel and Grimm et al. to incorporate a security setting content received from the 
user in order for the management program to change the security status of the managed system. 
This modification would have been obvious because a person having ordinary skill in the art, at 
the time the invention was made, would have been motivated to do so since it is suggested by 
Wiegel in col. 14, lines 1-61. 
As per claim 13: 

Wiegel substantially teaches the claimed security management system for supporting a 
security management of managed systems constituting an information system, comprising a 
database (col. 11, lines 43-47 and col 14, lines 20-35) describing a correspondence of an 
information security policy (col. 13, lines 38-49) representing a policy of a security measure with 
at least one managed system (col. 13, lines 1-9 and 49-56) and a security specification hatching 
section for extracting an information security policy made to correspond to each of the managed 
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systems constituting the information system (col. 13, lines 29-37 and fig. 7B, elements 726, 728, 
and 730) designated by a user (col. 13, lines 38-49) from said database (col. 1 1, lines 43-47 and 
col. 14, lines 20-35), to hatch security specifications (col. 13, lines 14-20) to be applied to the 
information system (col. 13, lines 20-22). 

Not explicitly disclosed by Wiegel is a plurality of audit sections for auditing various 
information including a type and a software version of the managed system as well as a security 
status concerning the information security policy of the managed system, each audit section 
being provided so as to correspond to each set of the information security policy and the 
managed system, which are specified by security specifications hatched by said security 
specification hatching section, a security diagnosis section for diagnosing a security of an 
information system designated by said user, on the basis of diagnosis results in each of said audit 
sections, a plurality of management sections for controlling a security status concerning the 
information security policy of the managed system, each management section being provided so 
as to correspond to each set of the information security policy and the managed system, which 
are specified by security specifications hatched by said security specification hatching step, and a 
security handling and management section for executing a management section designated by 
said user, to change the security status of the managed system corresponding to the management 
program so as to adjust the security status to the information security policy corresponding to the 
management program. 

However, Grimm et al. teach a security management system for supporting a security 
management of managed systems constituting an information system comprising a plurality of 
audit sections (fig. 1, elements 1 1 and 21) for auditing various information (col. 7, lines 27-34), 
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including a type (col. 4, lines 9-34) and a software version of the managed system (col. 5, lines 
16-27), as well as a security status concerning the information security policy of the managed 
system (col. 7, lines 27-34), each audit section being provided so as to correspond to each set of 
the information security policy and the managed system (col. 7, lines 27-34), which are specified 
by security specifications hatched by said security specification hatching section (as applied with 
Wiegel above) and a security diagnosis section for diagnosing a security of an information 
system designated by said user (fig. 2, element 10), on the basis of diagnosis results in each of 
said audit sections (col. 5, lines 13-39 and fig. 2, element 14). 

Also disclosed by Grimm et al. is a plurality of management sections (col. 4, lines 24-34 
and fig. 1, element 17) for controlling a security status concerning the information security 
policy of the managed system, each management section being provided so as to correspond to 
each set of the information security policy and the managed system (col. 5, lines 39-59) which 
are specified by security specifications hatched in said security specification hatching step (as 
applied with Wiegel above) and a security handling and management section for executing a 
management section designated by said user (col. 4, lines 24-34 and fig. 1, element 17), to 
change the security status of the managed system (col. 4, lines 35-61) corresponding to the 
management program so as to adjust the security status to the information security policy 
corresponding to the management program (col. 5, lines 52-63). 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified the method disclosed in Wiegel to add a security 
diagnosis step and a security handling/management step as disclosed by Grimm et al. This 
modification would have been obvious because a person having ordinary skill in the art, at the 
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time the invention was made, would have been motivated to do so as suggested by Grimm et al. 
in "enforcing and auditing site-specific security provisions" (col. 1, lines 15-18 and col. 1, line 
58 -col. 2, line 29). 

III. Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Wiegel United 
States Patent No. 6,484,261, Grimm et al. United States Patent No. 6,317,868, and further in 
view of CERT's CC Vendor-Initiated Bulletins 1994-1998. 
As per claim 12: 

Wiegel and Grimm et al. substantially teach the security management method, wherein a 
diagnosis results obtained in said security diagnose step which is executed for the information 
system designated by the user are reflected in the database describing the correspondence of the 
information security policy with at least one managed system and an audit/management program 
stored so as to correspond to each set of the information security policy and the managed system 
as applied to claim 8 above. Not explicitly disclosed by Wiegel or Grimm et al. is security hole 
information published by a security information organization including CERT or Computer 
Emergency Response Team. However, CERT/CC Vendor-Initiated Bulletins disclose security 
hole information published by a security information organization including CERT. Therefore, 
it would have been obvious to a person in the art at the time the invention was made to modify 
the method disclosed in Wiegel and Grimm et al. to incorporate the use of security hole 
information published by a security information- organization including CERT or Computer 
Emergency Response Team. This modification would have been obvious because a person 
having ordinary skill in the art, at the time the invention was made, would have been motivated 
to do so since it is suggested by the CERT/CC Vendor -Initiated Bulletins 1994-1998, pages . 1-8. 
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Conclusion 



Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Nadia Khoshnoodi whose telephone number is (571) 272-3825. 
The examiner can normally be reached on M-F: 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Albert Decady can be reached on (571) 272-3819. The fax phone number for the 
organization where this application or proceeding is assigned is 703-872-9306. 




Nadia Khoshnoodi 
Examiner 
Art Unit 2133 
7/22/2005 
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